Fun with Harmonics: VHF from a Serial Port

I measured the edge rates on the TTL output of some of these USB-UART bridges to be under 2ns. This generates some strong frequency harmonics, which you can see here in the 67th harmonic of a 1MHz square wave output by an FT232RL driven by the square_wave.py code from the GitHub repo. Yes, that's a 67 MHz signal from a serial port.

You can see three strong spurs surrounding the harmonic - these are themselves harmonics of the strong sub-harmonic spurs created by the modulation technique. The other thing that is apparent is the instability of the signal. You'd normally call this jitter since it's a ostensibly a digital device we're dealing with, but the term phase noise is equally applicable in this case. The problem with harmonics is that they multiply the phase noise just as they multiply the frequency - this signal has 67x the phase noise of the 1MHz fundamental. It's possible to receive AM audio on this carrier, but the receiving width of the demodulator has to be increased to include the larger bandwidth of the "wandering" signal. You can definitely hear it, though!

The other problem with harmonics is that they can be substantially weaker than the fundamental. The output here is a square wave, and for an ideal square wave, the amplitude of the Nth fundamental is proportional to 1/N. So, for this 67th fundamental, the amplitude is 1/67th, or down 36.5 dB. Using one of these harmonics in a meaningful way without creating serious interference on other frequencies would be very difficult. But they might work for a stunt-type hack :-)

I've looked at higher harmonics, and they're "usable" into the upper VHF range. I received an AM transmission at 151 MHz, for instance, but the quality was very poor. I am very interested in spoofing some RF remote device with this system. 433 and 315 MHz are simply out of reach - I tried. The signals are too weak and too unstable. I think the best bet is a toy remote on 27 or maybe 49 MHz. I'll keep an eye out for super-cheap 27 MHz remote-controlled cars; they used to involve super-regenerative receivers which weren't very selective, although I don't know what they use these days.

Other Bridges

The FT232RL shown above is the best one I've tested in terms of frequency stability. Contrast the image above with this one showing the output from a CP2102N again at the same 67th harmonic of a 1 MHz carrier:

The spectrum is amazingly wide - I'm not sure how the chip is generating its frequencies, but looking at the harmonics shows the "stability" is very poor. I wonder if this is an intentional move to reduce the emissions profile of the device. The striated spectrum would indicate some sort of digital spectrum-spreading technique is being used. If so, it works, because the resulting harmonic is not suitable for transmitting audio or data. However, the small amount of jitter present in the fundamental at 1 MHz is low enough to avoid framing errors in serial data transmission, which only needs to be accurate to a few percent. It looks like a clever design from Silicon Labs.

Interestingly, this chip is otherwise pretty useful for transmitting on the fundamental frequency, where the small amount of jitter doesn't affect the communication. If you step up to version 4.19 of the linux kernel, you can drive the part to 3Mbps. In older versions, it was limited to 2Mbps. I suspect it can go even higher, since I was able to re-program the limit to 4Mbps on a CP2102N here using the Silicon Labs software:

I don't know if this works yet, since I have to patch the limit in the kernel driver code and re-compile to test it.

Frequency Agility

Even limited to 3Mbps maximum, the CP2012N is fairly frequency agile. You can read the details in the kernel code, but unlike some older serial ports, the CP2012N isn't limited to the usual baud rates. You can set any rate that obeys 12MHz/k, for an integer k. This allows the following 16 fundamental frequencies in the AM broadcast band:

k

Baud Rate

Fundamental Frequency

8

3000000

1.5 MHz

9

2666666

1.333 MHz

10

2400000

1.2 MHz

11

2181818

1.09 MHz

12

2000000

1 MHz

13

1846154

923 kHz

14

1714286

857 kHz

15

1600000

800 kHz

16

1500000

750 kHz

17

1411765

705 kHz

18

1333333

666 kHz

19

1263158

631 kHz

20

1200000

600 kHz

21

1142857

571 kHz

22

1090909

545 kHz

23

1043478

521 kHz

This list gives a decent set of frequencies to play with, even though the harmonics are not very useful.

I haven't compiled a table for the achievable rates from an FT232RL yet, but they appear to be more limited, even though the harmonics are much better.